Jump to content


Photo

What was the AnonymousFox hack?


  • Please log in to reply
3 replies to this topic

#1 Bailey

Bailey

    Rank VIII Member

  • Web Developer
  • 787 posts
  • Gender:Male
  • Location:GMT+0

Posted 17 August 2018 - 05:36 PM

I seem to have missed what it is but have seen it pop up around on the forums.

Do not PM me. My email can be found on my website if you would like to talk about non-Heliohost related subjects. (bailey.guru)


#2 wolstech

wolstech

    Rank X Member

  • Root Admin
  • 13,409 posts
  • Gender:Male
  • Location:Pennsylvania

Posted 17 August 2018 - 06:33 PM

Someone mass-hacked just about every WordPress installation on Tommy, then dropped a bunch of malware. Some of the accounts also had a spambot or phishing set up on them. The name of the hack comes from the username of the admin account the hacker created in the WordPress database on compromised accounts. We ended up just mass-banning almost every WP user on Tommy (without backups due to malware and phishing), then giving them new accounts. 

 

The interesting part is that whatever hack they used works on fully up to date, extension-free WordPress installs, meaning there's a severe security hole in WP's core. People around the world were reporting this hack on different hosts too around the same time. WP themselves...they spent their time deleting people's complaints, closing hack reports as no issue found, and denying the hack exists despite the obvious evidence to the contrary.

 

Just another reason to never use WordPress...


Please do not PM me for support. Posting on our forums lets all of us learn.
Do you play Minecraft? | Server Monitors | And the Dumbass of the Decade award goes to...


#3 deanhills

deanhills

    Newbie

  • Members
  • 6 posts

Posted 10 September 2018 - 01:55 PM

Wow!  Has this issue been resolved yet?  I'm a great user of WordPress - also a fan.  I've been using WordPress for years without having a problem with it or it been hacked.  I've used it on a number of servers spread far and wide.  I've used it on VPSs and shared hosting accounts.  I've installed it from the command line, from Softaculous and from other Softaculous alternative tools.

 

Would be very interesting to know how the hacker managed to infiltrate the installation process.


Edited by deanhills, 10 September 2018 - 01:57 PM.


#4 wolstech

wolstech

    Rank X Member

  • Root Admin
  • 13,409 posts
  • Gender:Male
  • Location:Pennsylvania

Posted 10 September 2018 - 06:29 PM

Nope, and likely never will be considering they actively denied the issue exists. WordPress is our (and many other hosts') leading cause of hacked accounts, high load, phishing, and spam. It's not the install process, they hack the actual installed product. The extensions are even worse when it comes to security.

 

The product is just so poorly written that there's no good way to actually fix the security issues with it without just throwing it out and starting over. WP has been around forever and has AFAIK never seen a full rewrite. As a result, it's a pile of really ugly legacy procedural code that just keeps getting tweaked, extended, and patched over and over again. Most other CMSes of this age have been fully rewritten at least once, if not twice or more.

 

Drupal had a massive overhaul between v7, 8, and 9. Joomla did the same between v2 and v3.

 

Seriously, there's zero good reason to be using WordPress at this point. It's almost certainly the worst product available in the CMS market from a security standpoint, but sadly also the most popular. That means it only faces an even worse time than most, because hackers like popular software as targets, and it's also an easy target.


Please do not PM me for support. Posting on our forums lets all of us learn.
Do you play Minecraft? | Server Monitors | And the Dumbass of the Decade award goes to...





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users